@digitaldefiance/node-ecies-lib 1.0.0 → 1.0.2

package/README.md

@@ -0,0 +1,266 @@
+# @digitaldefiance/node-ecies-lib
+
+A Node.js-specific implementation of the Digital Defiance ECIES (Elliptic Curve Integrated Encryption Scheme) library, providing secure encryption, decryption, and key management capabilities using Node.js crypto primitives.
+
+## Features
+
+- **ECIES Encryption/Decryption**: Secure elliptic curve integrated encryption scheme
+- **Multi-recipient Encryption**: Encrypt data for multiple recipients simultaneously
+- **PBKDF2 Key Derivation**: Password-based key derivation with configurable profiles
+- **Digital Signatures**: Sign and verify data using elliptic curve cryptography
+- **Member Management**: Comprehensive user/member system with key management
+- **Cross-platform Compatibility**: Works seamlessly with the browser-based `@digitaldefiance/ecies-lib`
+
+## Installation
+
+```bash
+npm install @digitaldefiance/node-ecies-lib
+```
+
+## Quick Start
+
+```typescript
+import { ECIESService, Member, MemberType, EmailString } from '@digitaldefiance/node-ecies-lib';
+import { getEciesI18nEngine } from '@digitaldefiance/ecies-lib';
+
+// Initialize the service
+const eciesService = new ECIESService(getEciesI18nEngine());
+
+// Create a new member
+const { member, mnemonic } = Member.newMember(
+  eciesService,
+  MemberType.User,
+  'Alice',
+  new EmailString('alice@example.com')
+);
+
+// Encrypt data
+const message = 'Hello, secure world!';
+const encrypted = member.encryptData(message);
+
+// Decrypt data
+const decrypted = member.decryptData(encrypted);
+console.log(decrypted.toString()); // "Hello, secure world!"
+```
+
+## Core Components
+
+### ECIESService
+
+The main service class providing encryption, decryption, and key management:
+
+```typescript
+import { ECIESService } from '@digitaldefiance/node-ecies-lib';
+import { getEciesI18nEngine } from '@digitaldefiance/ecies-lib';
+
+const service = new ECIESService(getEciesI18nEngine());
+
+// Generate mnemonic
+const mnemonic = service.generateNewMnemonic();
+
+// Single recipient encryption
+const encrypted = service.encryptSimpleOrSingle(
+  false, // use single mode (not simple)
+  recipientPublicKey,
+  Buffer.from('message')
+);
+
+// Multi-recipient encryption
+const multiEncrypted = service.encryptMultiple(
+  [member1, member2, member3],
+  Buffer.from('message')
+);
+```
+
+### Member Class
+
+Represents a user with cryptographic capabilities:
+
+```typescript
+import { Member, MemberType, EmailString } from '@digitaldefiance/node-ecies-lib';
+
+// Create from mnemonic
+const member = Member.fromMnemonic(mnemonic, eciesService);
+
+// Sign data
+const signature = member.sign(Buffer.from('data to sign'));
+
+// Verify signature
+const isValid = member.verify(signature, Buffer.from('data to sign'));
+
+// Encrypt for another member
+const encrypted = member.encryptData('secret message', otherMember.publicKey);
+```
+
+### PBKDF2 Service
+
+Password-based key derivation with multiple security profiles:
+
+```typescript
+import { Pbkdf2Service, Pbkdf2ProfileEnum } from '@digitaldefiance/node-ecies-lib';
+
+// Use predefined profile
+const result = Pbkdf2Service.deriveKeyFromPasswordWithProfile(
+  Buffer.from('password'),
+  Pbkdf2ProfileEnum.USER_LOGIN
+);
+
+// Custom parameters
+const customResult = Pbkdf2Service.deriveKeyFromPassword(
+  Buffer.from('password'),
+  salt,
+  100000, // iterations
+  32,     // salt bytes
+  32,     // key bytes
+  'sha256' // algorithm
+);
+
+// Async version
+const asyncResult = await Pbkdf2Service.deriveKeyFromPasswordAsync(
+  Buffer.from('password')
+);
+```
+
+## PBKDF2 Profiles
+
+The library includes several predefined PBKDF2 profiles for different use cases:
+
+| Profile | Salt Size | Iterations | Algorithm | Hash Size | Use Case |
+|---------|-----------|------------|-----------|-----------|----------|
+| `USER_LOGIN` | 32 bytes | 1,304,000 | SHA-256 | 32 bytes | User authentication |
+| `KEY_WRAPPING` | 32 bytes | 100,000 | SHA-256 | 32 bytes | Key encryption |
+| `BACKUP_CODES` | 32 bytes | 1,304,000 | SHA-256 | 32 bytes | Backup codes |
+| `HIGH_SECURITY` | 64 bytes | 2,000,000 | SHA-512 | 64 bytes | Sensitive operations |
+| `FAST_TEST` | 16 bytes | 1,000 | SHA-256 | 32 bytes | Testing/development |
+
+## Encryption Types
+
+The library supports multiple encryption modes:
+
+- **Simple**: Basic ECIES encryption for single recipients
+- **Single**: Enhanced ECIES with additional metadata
+- **Multiple**: Efficient encryption for multiple recipients
+
+```typescript
+// Single recipient
+const singleEncrypted = service.encryptSimpleOrSingle(
+  false, // single mode
+  recipientPublicKey,
+  message
+);
+
+// Multiple recipients
+const multiEncrypted = service.encryptMultiple(
+  [member1, member2, member3],
+  message
+);
+```
+
+## Cross-Platform Compatibility
+
+This Node.js library is designed to work seamlessly with the browser-based `@digitaldefiance/ecies-lib`:
+
+```typescript
+// Data encrypted in browser can be decrypted in Node.js
+const browserEncrypted = /* data from browser */;
+const nodeDecrypted = nodeMember.decryptData(browserEncrypted);
+
+// Data encrypted in Node.js can be decrypted in browser
+const nodeEncrypted = nodeMember.encryptData('message');
+// Send nodeEncrypted to browser for decryption
+```
+
+## Security Features
+
+- **Secure Memory Management**: Uses `SecureBuffer` and `SecureString` for sensitive data
+- **Key Zeroization**: Automatic cleanup of cryptographic material
+- **Configurable Security Levels**: Multiple PBKDF2 profiles for different security requirements
+- **Input Validation**: Comprehensive validation of all cryptographic inputs
+- **Error Handling**: Detailed error types for debugging and security analysis
+
+## API Reference
+
+### Constants
+
+```typescript
+import { Constants, PBKDF2, PBKDF2_PROFILES } from '@digitaldefiance/node-ecies-lib';
+
+// Access configuration constants
+const saltSize = Constants.PBKDF2.SALT_BYTES; // 32
+const iterations = Constants.PBKDF2.ITERATIONS_PER_SECOND; // 1,304,000
+const keyWrappingProfile = Constants.PBKDF2_PROFILES.KEY_WRAPPING;
+```
+
+### Interfaces
+
+Key interfaces for type safety:
+
+- `IPbkdf2Result`: Result of key derivation operations
+- `IMultiEncryptedMessage`: Multi-recipient encrypted data structure
+- `IMemberOperational`: Member interface with operational methods
+- `IWalletSeed`: Wallet and seed information
+
+## Testing
+
+The library includes comprehensive test coverage:
+
+```bash
+# Run all tests
+npm test
+
+# Run specific test suites
+npm test -- pbkdf2.spec.ts
+npm test -- ecies-compatibility.e2e.spec.ts
+```
+
+Test categories:
+- Unit tests for individual components
+- Integration tests for cross-component functionality
+- End-to-end tests for complete workflows
+- Cross-platform compatibility tests
+
+## Error Handling
+
+The library provides detailed error types for different failure scenarios:
+
+```typescript
+import { Pbkdf2Error, Pbkdf2ErrorType, MemberError, MemberErrorType } from '@digitaldefiance/node-ecies-lib';
+
+try {
+  const result = Pbkdf2Service.deriveKeyFromPassword(password, invalidSalt);
+} catch (error) {
+  if (error instanceof Pbkdf2Error) {
+    if (error.type === Pbkdf2ErrorType.InvalidSaltLength) {
+      console.log('Salt length is invalid');
+    }
+  }
+}
+```
+
+## Performance Considerations
+
+- **Async Operations**: Use async versions of PBKDF2 operations to avoid blocking the event loop
+- **Memory Management**: Dispose of members and secure buffers when no longer needed
+- **Profile Selection**: Choose appropriate PBKDF2 profiles based on security vs. performance requirements
+
+```typescript
+// Use async for better performance
+const result = await Pbkdf2Service.deriveKeyFromPasswordAsync(password);
+
+// Dispose of resources
+member.dispose();
+secureString.dispose();
+```
+
+## License
+
+MIT
+
+## Contributing
+
+Please read the contributing guidelines in the main repository.
+
+## Related Packages
+
+- `@digitaldefiance/ecies-lib`: Browser-compatible ECIES library
+- `@digitaldefiance/i18n-lib`: Internationalization support

package/dist/index.d.ts

@@ -1,3 +1,4 @@
+export * from './constants';
 export * from './enumerations';
 export * from './interfaces';
 export * from './member';

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,gBAAgB,CAAC;AAC/B,cAAc,cAAc,CAAC;AAC7B,cAAc,UAAU,CAAC;AACzB,cAAc,YAAY,CAAC;AAC3B,cAAc,SAAS,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,aAAa,CAAC;AAC5B,cAAc,gBAAgB,CAAC;AAC/B,cAAc,cAAc,CAAC;AAC7B,cAAc,UAAU,CAAC;AACzB,cAAc,YAAY,CAAC;AAC3B,cAAc,SAAS,CAAC"}

package/dist/index.js

@@ -1,3 +1,4 @@
+export * from './constants';
 export * from './enumerations';
 export * from './interfaces';
 export * from './member';

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,gBAAgB,CAAC;AAC/B,cAAc,cAAc,CAAC;AAC7B,cAAc,UAAU,CAAC;AACzB,cAAc,YAAY,CAAC;AAC3B,cAAc,SAAS,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,aAAa,CAAC;AAC5B,cAAc,gBAAgB,CAAC;AAC/B,cAAc,cAAc,CAAC;AAC7B,cAAc,UAAU,CAAC;AACzB,cAAc,YAAY,CAAC;AAC3B,cAAc,SAAS,CAAC"}

package/dist/interfaces/index.d.ts

@@ -7,6 +7,7 @@ export * from './keypair-buffer-with-un-encrypted-private-key';
 export * from './keyring-consts';
 export * from './member-operational';
 export * from './pbkdf-profiles';
+export * from './pbkdf2-result';
 export * from './signing-key-private-key-info';
 export * from './simple-keypair';
 export * from './simple-keypair-buffer';

package/dist/interfaces/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/interfaces/index.ts"],"names":[],"mappings":"AAAA,cAAc,wBAAwB,CAAC;AACvC,cAAc,0BAA0B,CAAC;AACzC,cAAc,mBAAmB,CAAC;AAClC,cAAc,mBAAmB,CAAC;AAClC,cAAc,cAAc,CAAC;AAC7B,cAAc,gDAAgD,CAAC;AAC/D,cAAc,kBAAkB,CAAC;AACjC,cAAc,sBAAsB,CAAC;AACrC,cAAc,kBAAkB,CAAC;AACjC,cAAc,gCAAgC,CAAC;AAC/C,cAAc,kBAAkB,CAAC;AACjC,cAAc,yBAAyB,CAAC;AACxC,cAAc,0BAA0B,CAAC;AACzC,cAAc,iCAAiC,CAAC;AAChD,cAAc,kCAAkC,CAAC;AACjD,cAAc,eAAe,CAAC;AAC9B,cAAc,sBAAsB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/interfaces/index.ts"],"names":[],"mappings":"AAAA,cAAc,wBAAwB,CAAC;AACvC,cAAc,0BAA0B,CAAC;AACzC,cAAc,mBAAmB,CAAC;AAClC,cAAc,mBAAmB,CAAC;AAClC,cAAc,cAAc,CAAC;AAC7B,cAAc,gDAAgD,CAAC;AAC/D,cAAc,kBAAkB,CAAC;AACjC,cAAc,sBAAsB,CAAC;AACrC,cAAc,kBAAkB,CAAC;AACjC,cAAc,iBAAiB,CAAC;AAChC,cAAc,gCAAgC,CAAC;AAC/C,cAAc,kBAAkB,CAAC;AACjC,cAAc,yBAAyB,CAAC;AACxC,cAAc,0BAA0B,CAAC;AACzC,cAAc,iCAAiC,CAAC;AAChD,cAAc,kCAAkC,CAAC;AACjD,cAAc,eAAe,CAAC;AAC9B,cAAc,sBAAsB,CAAC"}

package/dist/interfaces/index.js

@@ -7,6 +7,7 @@ export * from './keypair-buffer-with-un-encrypted-private-key';
 export * from './keyring-consts';
 export * from './member-operational';
 export * from './pbkdf-profiles';
+export * from './pbkdf2-result';
 export * from './signing-key-private-key-info';
 export * from './simple-keypair';
 export * from './simple-keypair-buffer';

package/dist/interfaces/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/interfaces/index.ts"],"names":[],"mappings":"AAAA,cAAc,wBAAwB,CAAC;AACvC,cAAc,0BAA0B,CAAC;AACzC,cAAc,mBAAmB,CAAC;AAClC,cAAc,mBAAmB,CAAC;AAClC,cAAc,cAAc,CAAC;AAC7B,cAAc,gDAAgD,CAAC;AAC/D,cAAc,kBAAkB,CAAC;AACjC,cAAc,sBAAsB,CAAC;AACrC,cAAc,kBAAkB,CAAC;AACjC,cAAc,gCAAgC,CAAC;AAC/C,cAAc,kBAAkB,CAAC;AACjC,cAAc,yBAAyB,CAAC;AACxC,cAAc,0BAA0B,CAAC;AACzC,cAAc,iCAAiC,CAAC;AAChD,cAAc,kCAAkC,CAAC;AACjD,cAAc,eAAe,CAAC;AAC9B,cAAc,sBAAsB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/interfaces/index.ts"],"names":[],"mappings":"AAAA,cAAc,wBAAwB,CAAC;AACvC,cAAc,0BAA0B,CAAC;AACzC,cAAc,mBAAmB,CAAC;AAClC,cAAc,mBAAmB,CAAC;AAClC,cAAc,cAAc,CAAC;AAC7B,cAAc,gDAAgD,CAAC;AAC/D,cAAc,kBAAkB,CAAC;AACjC,cAAc,sBAAsB,CAAC;AACrC,cAAc,kBAAkB,CAAC;AACjC,cAAc,iBAAiB,CAAC;AAChC,cAAc,gCAAgC,CAAC;AAC/C,cAAc,kBAAkB,CAAC;AACjC,cAAc,yBAAyB,CAAC;AACxC,cAAc,0BAA0B,CAAC;AACzC,cAAc,iCAAiC,CAAC;AAChD,cAAc,kCAAkC,CAAC;AACjD,cAAc,eAAe,CAAC;AAC9B,cAAc,sBAAsB,CAAC"}

package/dist/interfaces/pbkdf2-result.d.ts

@@ -0,0 +1,6 @@
+export interface IPbkdf2Result {
+    salt: Buffer;
+    hash: Buffer;
+    iterations: number;
+}
+//# sourceMappingURL=pbkdf2-result.d.ts.map

package/dist/interfaces/pbkdf2-result.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"pbkdf2-result.d.ts","sourceRoot":"","sources":["../../src/interfaces/pbkdf2-result.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;CACpB"}

package/dist/interfaces/pbkdf2-result.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=pbkdf2-result.js.map

package/dist/interfaces/pbkdf2-result.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"pbkdf2-result.js","sourceRoot":"","sources":["../../src/interfaces/pbkdf2-result.ts"],"names":[],"mappings":""}

package/dist/services/ecies/crypto-core.d.ts

@@ -51,5 +51,31 @@ export declare class EciesCryptoCore {
      * @returns {ISimpleKeyPairBuffer} The new key pair
      */
     mnemonicToSimpleKeyPairBuffer(mnemonic: SecureString): ISimpleKeyPairBuffer;
+    /**
+     * Generate a random private key
+     * @returns {Buffer} The new private key
+     */
+    generatePrivateKey(): Buffer;
+    /**
+     * Get public key from private key
+     * @param privateKey {Buffer} The private key
+     * @returns {Buffer} The public key
+     */
+    getPublicKey(privateKey: Buffer): Buffer;
+    /**
+     * Generate ephemeral key pair for ECIES
+     * @returns {Promise<ISimpleKeyPairBuffer>} The key pair
+     */
+    generateEphemeralKeyPair(): Promise<{
+        privateKey: Buffer;
+        publicKey: Buffer;
+    }>;
+    /**
+     * Compute ECDH shared secret
+     * @param privateKey {Buffer} The private key
+     * @param publicKey {Buffer} The public key
+     * @returns {Buffer} The shared secret
+     */
+    computeSharedSecret(privateKey: Buffer, publicKey: Buffer): Buffer;
 }
 //# sourceMappingURL=crypto-core.d.ts.map

package/dist/services/ecies/crypto-core.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"crypto-core.d.ts","sourceRoot":"","sources":["../../../src/services/ecies/crypto-core.ts"],"names":[],"mappings":"AAAA,OAAO,EAKL,YAAY,EAEZ,YAAY,EACb,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAS,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAEnD,OAAO,EAAE,oBAAoB,EAAE,MAAM,wCAAwC,CAAC;AAC9E,OAAO,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAE3D;;;GAGG;AACH,qBAAa,eAAe;IAC1B,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAe;IACvC,IAAW,MAAM,IAAI,YAAY,CAEhC;gBAEW,MAAM,EAAE,YAAY;IAIhC;;;;OAIG;IACI,kBAAkB,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM;IA6CpD;;;OAGG;IACI,mBAAmB,IAAI,YAAY;IAI1C;;;;OAIG;IACI,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM;IAO3C;;;;OAIG;IACI,yBAAyB,CAAC,QAAQ,EAAE,YAAY,GAAG,WAAW;IAiBrE;;;;OAIG;IACI,2BAA2B,CAAC,MAAM,EAAE,MAAM,GAAG,oBAAoB;IAYxE;;;;OAIG;IACI,yBAAyB,CAAC,IAAI,EAAE,MAAM,GAAG,oBAAoB;IAKpE;;;;OAIG;IACI,6BAA6B,CAClC,QAAQ,EAAE,YAAY,GACrB,oBAAoB;CAIxB"}
+{"version":3,"file":"crypto-core.d.ts","sourceRoot":"","sources":["../../../src/services/ecies/crypto-core.ts"],"names":[],"mappings":"AAAA,OAAO,EAKL,YAAY,EAEZ,YAAY,EACb,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAS,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAGnD,OAAO,EAAE,oBAAoB,EAAE,MAAM,wCAAwC,CAAC;AAC9E,OAAO,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAE3D;;;GAGG;AACH,qBAAa,eAAe;IAC1B,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAe;IACvC,IAAW,MAAM,IAAI,YAAY,CAEhC;gBAEW,MAAM,EAAE,YAAY;IAIhC;;;;OAIG;IACI,kBAAkB,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM;IA6CpD;;;OAGG;IACI,mBAAmB,IAAI,YAAY;IAI1C;;;;OAIG;IACI,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM;IAO3C;;;;OAIG;IACI,yBAAyB,CAAC,QAAQ,EAAE,YAAY,GAAG,WAAW;IAiBrE;;;;OAIG;IACI,2BAA2B,CAAC,MAAM,EAAE,MAAM,GAAG,oBAAoB;IAYxE;;;;OAIG;IACI,yBAAyB,CAAC,IAAI,EAAE,MAAM,GAAG,oBAAoB;IAKpE;;;;OAIG;IACI,6BAA6B,CAClC,QAAQ,EAAE,YAAY,GACrB,oBAAoB;IAKvB;;;OAGG;IACI,kBAAkB,IAAI,MAAM;IAInC;;;;OAIG;IACI,YAAY,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM;IAK/C;;;OAGG;IACU,wBAAwB,IAAI,OAAO,CAAC;QAC/C,UAAU,EAAE,MAAM,CAAC;QACnB,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC;IAMF;;;;;OAKG;IACI,mBAAmB,CACxB,UAAU,EAAE,MAAM,EAClB,SAAS,EAAE,MAAM,GAChB,MAAM;CAIV"}

package/dist/services/ecies/crypto-core.js

@@ -1,6 +1,7 @@
 import { ECIES, ECIESError, ECIESErrorTypeEnum, getEciesI18nEngine, SecureBuffer, SecureString, } from '@digitaldefiance/ecies-lib';
 import { hdkey } from '@ethereumjs/wallet';
 import { generateMnemonic, mnemonicToSeedSync, validateMnemonic } from 'bip39';
+import { secp256k1 } from 'ethereum-cryptography/secp256k1.js';
 /**
  * Core encryption and decryption functions for ECIES
  * Includes coverage for simple and single modes, does not cover multiple mode which is in a separate module
@@ -111,5 +112,40 @@ export class EciesCryptoCore {
         const { seed } = this.walletAndSeedFromMnemonic(mnemonic);
         return this.seedToSimpleKeyPairBuffer(Buffer.from(seed.value));
     }
+    /**
+     * Generate a random private key
+     * @returns {Buffer} The new private key
+     */
+    generatePrivateKey() {
+        return Buffer.from(secp256k1.utils.randomPrivateKey());
+    }
+    /**
+     * Get public key from private key
+     * @param privateKey {Buffer} The private key
+     * @returns {Buffer} The public key
+     */
+    getPublicKey(privateKey) {
+        const publicKey = secp256k1.getPublicKey(privateKey, false);
+        return Buffer.from(publicKey);
+    }
+    /**
+     * Generate ephemeral key pair for ECIES
+     * @returns {Promise<ISimpleKeyPairBuffer>} The key pair
+     */
+    async generateEphemeralKeyPair() {
+        const privateKey = this.generatePrivateKey();
+        const publicKey = this.getPublicKey(privateKey);
+        return { privateKey, publicKey };
+    }
+    /**
+     * Compute ECDH shared secret
+     * @param privateKey {Buffer} The private key
+     * @param publicKey {Buffer} The public key
+     * @returns {Buffer} The shared secret
+     */
+    computeSharedSecret(privateKey, publicKey) {
+        const sharedSecret = secp256k1.getSharedSecret(privateKey, publicKey, true);
+        return Buffer.from(sharedSecret.slice(1)); // Remove the 0x02/0x03 prefix
+    }
 }
 //# sourceMappingURL=crypto-core.js.map

package/dist/services/ecies/crypto-core.js.map

@@ -1 +1 @@
-{"version":3,"file":"crypto-core.js","sourceRoot":"","sources":["../../../src/services/ecies/crypto-core.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,EACL,UAAU,EACV,kBAAkB,EAClB,kBAAkB,EAElB,YAAY,EACZ,YAAY,GACb,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,KAAK,EAAU,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,OAAO,CAAC;AAI/E;;;GAGG;AACH,MAAM,OAAO,eAAe;IACT,OAAO,CAAe;IACvC,IAAW,MAAM;QACf,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED,YAAY,MAAoB;QAC9B,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;IACxB,CAAC;IAED;;;;OAIG;IACI,kBAAkB,CAAC,SAAiB;QACzC,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,UAAU,CAClB,kBAAkB,CAAC,yBAAyB,EAC5C,kBAAkB,EAAE,EACpB,SAAS,EACT,SAAS,EACT;gBACE,KAAK,EAAE,uCAAuC;aAC/C,CACF,CAAC;QACJ,CAAC;QAED,MAAM,SAAS,GAAG,SAAS,CAAC,MAAM,CAAC;QAEnC,wDAAwD;QACxD,IACE,SAAS,KAAK,KAAK,CAAC,iBAAiB;YACrC,SAAS,CAAC,CAAC,CAAC,KAAK,KAAK,CAAC,gBAAgB,EACvC,CAAC;YACD,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,0DAA0D;QAC1D,IAAI,SAAS,KAAK,KAAK,CAAC,qBAAqB,EAAE,CAAC;YAC9C,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,CAAC;QAC3E,CAAC;QAED,iBAAiB;QACjB,MAAM,IAAI,UAAU,CAClB,kBAAkB,CAAC,yBAAyB,EAC5C,kBAAkB,EAAE,EACpB,SAAS,EACT,SAAS,EACT;YACE,KAAK,EAAE,qCAAqC;YAC5C,SAAS,EAAE,MAAM,CAAC,SAAS,CAAC;YAC5B,gBAAgB,EAAE,MAAM,CAAC,KAAK,CAAC,qBAAqB,CAAC;YACrD,gBAAgB,EAAE,MAAM,CAAC,KAAK,CAAC,iBAAiB,CAAC;YACjD,SAAS,EAAE,SAAS,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK;YACvD,cAAc,EAAE,MAAM,CAAC,KAAK,CAAC,gBAAgB,CAAC;SAC/C,CACF,CAAC;IACJ,CAAC;IAED;;;OAGG;IACI,mBAAmB;QACxB,OAAO,IAAI,YAAY,CAAC,gBAAgB,CAAC,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC;IAC3E,CAAC;IAED;;;;OAIG;IACI,cAAc,CAAC,IAAY;QAChC,MAAM,QAAQ,GAAG,KAAK,CAAC,aAAa,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;QAC1D,OAAO,QAAQ;aACZ,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,wBAAwB,CAAC;aACjD,SAAS,EAAE,CAAC;IACjB,CAAC;IAED;;;;OAIG;IACI,yBAAyB,CAAC,QAAsB;QACrD,IAAI,CAAC,QAAQ,CAAC,KAAK,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YACzD,MAAM,IAAI,UAAU,CAClB,kBAAkB,CAAC,eAAe,EAClC,kBAAkB,EAAE,CACrB,CAAC;QACJ,CAAC;QAED,MAAM,IAAI,GAAG,kBAAkB,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAChD,MAAM,MAAM,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;QAEzC,OAAO;YACL,IAAI,EAAE,IAAI,YAAY,CAAC,IAAI,CAAC;YAC5B,MAAM;SACP,CAAC;IACJ,CAAC;IAED;;;;OAIG;IACI,2BAA2B,CAAC,MAAc;QAC/C,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC,CAAC;QACvD,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;QAChC,KAAK,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,gBAAgB,CAAC;QAClC,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,MAAM,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC;QAEhE,OAAO;YACL,UAAU;YACV,SAAS;SACV,CAAC;IACJ,CAAC;IAED;;;;OAIG;IACI,yBAAyB,CAAC,IAAY;QAC3C,MAAM,MAAM,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;QACzC,OAAO,IAAI,CAAC,2BAA2B,CAAC,MAAM,CAAC,CAAC;IAClD,CAAC;IAED;;;;OAIG;IACI,6BAA6B,CAClC,QAAsB;QAEtB,MAAM,EAAE,IAAI,EAAE,GAAG,IAAI,CAAC,yBAAyB,CAAC,QAAQ,CAAC,CAAC;QAC1D,OAAO,IAAI,CAAC,yBAAyB,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;IACjE,CAAC;CACF"}
+{"version":3,"file":"crypto-core.js","sourceRoot":"","sources":["../../../src/services/ecies/crypto-core.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,EACL,UAAU,EACV,kBAAkB,EAClB,kBAAkB,EAElB,YAAY,EACZ,YAAY,GACb,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,KAAK,EAAU,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,OAAO,CAAC;AAC/E,OAAO,EAAE,SAAS,EAAE,MAAM,oCAAoC,CAAC;AAI/D;;;GAGG;AACH,MAAM,OAAO,eAAe;IACT,OAAO,CAAe;IACvC,IAAW,MAAM;QACf,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED,YAAY,MAAoB;QAC9B,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;IACxB,CAAC;IAED;;;;OAIG;IACI,kBAAkB,CAAC,SAAiB;QACzC,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,UAAU,CAClB,kBAAkB,CAAC,yBAAyB,EAC5C,kBAAkB,EAAE,EACpB,SAAS,EACT,SAAS,EACT;gBACE,KAAK,EAAE,uCAAuC;aAC/C,CACF,CAAC;QACJ,CAAC;QAED,MAAM,SAAS,GAAG,SAAS,CAAC,MAAM,CAAC;QAEnC,wDAAwD;QACxD,IACE,SAAS,KAAK,KAAK,CAAC,iBAAiB;YACrC,SAAS,CAAC,CAAC,CAAC,KAAK,KAAK,CAAC,gBAAgB,EACvC,CAAC;YACD,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,0DAA0D;QAC1D,IAAI,SAAS,KAAK,KAAK,CAAC,qBAAqB,EAAE,CAAC;YAC9C,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,CAAC;QAC3E,CAAC;QAED,iBAAiB;QACjB,MAAM,IAAI,UAAU,CAClB,kBAAkB,CAAC,yBAAyB,EAC5C,kBAAkB,EAAE,EACpB,SAAS,EACT,SAAS,EACT;YACE,KAAK,EAAE,qCAAqC;YAC5C,SAAS,EAAE,MAAM,CAAC,SAAS,CAAC;YAC5B,gBAAgB,EAAE,MAAM,CAAC,KAAK,CAAC,qBAAqB,CAAC;YACrD,gBAAgB,EAAE,MAAM,CAAC,KAAK,CAAC,iBAAiB,CAAC;YACjD,SAAS,EAAE,SAAS,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK;YACvD,cAAc,EAAE,MAAM,CAAC,KAAK,CAAC,gBAAgB,CAAC;SAC/C,CACF,CAAC;IACJ,CAAC;IAED;;;OAGG;IACI,mBAAmB;QACxB,OAAO,IAAI,YAAY,CAAC,gBAAgB,CAAC,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC;IAC3E,CAAC;IAED;;;;OAIG;IACI,cAAc,CAAC,IAAY;QAChC,MAAM,QAAQ,GAAG,KAAK,CAAC,aAAa,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;QAC1D,OAAO,QAAQ;aACZ,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,wBAAwB,CAAC;aACjD,SAAS,EAAE,CAAC;IACjB,CAAC;IAED;;;;OAIG;IACI,yBAAyB,CAAC,QAAsB;QACrD,IAAI,CAAC,QAAQ,CAAC,KAAK,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YACzD,MAAM,IAAI,UAAU,CAClB,kBAAkB,CAAC,eAAe,EAClC,kBAAkB,EAAE,CACrB,CAAC;QACJ,CAAC;QAED,MAAM,IAAI,GAAG,kBAAkB,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAChD,MAAM,MAAM,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;QAEzC,OAAO;YACL,IAAI,EAAE,IAAI,YAAY,CAAC,IAAI,CAAC;YAC5B,MAAM;SACP,CAAC;IACJ,CAAC;IAED;;;;OAIG;IACI,2BAA2B,CAAC,MAAc;QAC/C,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC,CAAC;QACvD,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;QAChC,KAAK,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,gBAAgB,CAAC;QAClC,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,MAAM,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC;QAEhE,OAAO;YACL,UAAU;YACV,SAAS;SACV,CAAC;IACJ,CAAC;IAED;;;;OAIG;IACI,yBAAyB,CAAC,IAAY;QAC3C,MAAM,MAAM,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;QACzC,OAAO,IAAI,CAAC,2BAA2B,CAAC,MAAM,CAAC,CAAC;IAClD,CAAC;IAED;;;;OAIG;IACI,6BAA6B,CAClC,QAAsB;QAEtB,MAAM,EAAE,IAAI,EAAE,GAAG,IAAI,CAAC,yBAAyB,CAAC,QAAQ,CAAC,CAAC;QAC1D,OAAO,IAAI,CAAC,yBAAyB,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;IACjE,CAAC;IAED;;;OAGG;IACI,kBAAkB;QACvB,OAAO,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC,CAAC;IACzD,CAAC;IAED;;;;OAIG;IACI,YAAY,CAAC,UAAkB;QACpC,MAAM,SAAS,GAAG,SAAS,CAAC,YAAY,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;QAC5D,OAAO,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAChC,CAAC;IAED;;;OAGG;IACI,KAAK,CAAC,wBAAwB;QAInC,MAAM,UAAU,GAAG,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAC7C,MAAM,SAAS,GAAG,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;QAChD,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC;IACnC,CAAC;IAED;;;;;OAKG;IACI,mBAAmB,CACxB,UAAkB,EAClB,SAAiB;QAEjB,MAAM,YAAY,GAAG,SAAS,CAAC,eAAe,CAAC,UAAU,EAAE,SAAS,EAAE,IAAI,CAAC,CAAC;QAC5E,OAAO,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,8BAA8B;IAC3E,CAAC;CACF"}

package/dist/services/index.d.ts

@@ -1,2 +1,3 @@
 export * from './ecies';
+export * from './pbkdf2';
 //# sourceMappingURL=index.d.ts.map

package/dist/services/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/services/index.ts"],"names":[],"mappings":"AAAA,cAAc,SAAS,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/services/index.ts"],"names":[],"mappings":"AAAA,cAAc,SAAS,CAAC;AACxB,cAAc,UAAU,CAAC"}

package/dist/services/index.js

@@ -1,2 +1,3 @@
 export * from './ecies';
+export * from './pbkdf2';
 //# sourceMappingURL=index.js.map

package/dist/services/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/services/index.ts"],"names":[],"mappings":"AAAA,cAAc,SAAS,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/services/index.ts"],"names":[],"mappings":"AAAA,cAAc,SAAS,CAAC;AACxB,cAAc,UAAU,CAAC"}

package/dist/services/pbkdf2.d.ts

@@ -0,0 +1,68 @@
+import { IPbkdf2Config } from '@digitaldefiance/ecies-lib';
+import { Pbkdf2ProfileEnum } from '../enumerations/pbkdf2-profile';
+import { IPbkdf2Result } from '../interfaces/pbkdf2-result';
+/**
+ * Service for handling PBKDF2 (Password-Based Key Derivation Function 2) operations.
+ * This service provides functionality for:
+ * - Generating secure key derivation configurations
+ * - Deriving cryptographic keys from passwords
+ * - Managing salt and iteration parameters
+ * - Both synchronous and asynchronous key derivation
+ */
+export declare abstract class Pbkdf2Service {
+    /**
+     * Get a predefined configuration profile for common use cases
+     * @param profile The name of the profile to use
+     * @returns Configuration object for the specified profile
+     */
+    static getProfileConfig(profile: Pbkdf2ProfileEnum): IPbkdf2Config;
+    /**
+     * Generate an options object for pbkdf2
+     * @param iterations Optional number of iterations (defaults to Pbkdf2IterationsPerSecond)
+     * @param saltBytes Optional salt size in bytes (defaults to PBKDF2.SALT_BYTES)
+     * @param hashBytes Optional hash size in bytes (defaults to ECIES.SYMMETRIC.KEY_SIZE)
+     * @param algorithm Optional hash algorithm (defaults to PBKDF2.ALGORITHM)
+     * @returns Configuration object for PBKDF2
+     */
+    static getConfig(iterations?: number, saltBytes?: number, hashBytes?: number, algorithm?: string): IPbkdf2Config;
+    /**
+     * Given a password, use pbkdf2 to generate an appropriately sized key for AES encryption
+     * @param password The password to derive a key from
+     * @param salt Optional salt (will be randomly generated if not provided)
+     * @param iterations Optional number of iterations
+     * @param saltBytes Optional salt size in bytes
+     * @param keySize Optional key size in bytes
+     * @param algorithm Optional hash algorithm
+     * @returns Object containing the derived key, salt, and iteration count
+     */
+    static deriveKeyFromPassword(password: Buffer, salt?: Buffer, iterations?: number, saltBytes?: number, keySize?: number, algorithm?: string): IPbkdf2Result;
+    /**
+     * Async version of deriveKeyFromPassword that uses libuv threadpool via crypto.pbkdf2
+     * to avoid blocking the event loop during password verification.
+     * @param password The password to derive a key from
+     * @param salt Optional salt (will be randomly generated if not provided)
+     * @param iterations Optional number of iterations
+     * @param saltBytes Optional salt size in bytes
+     * @param keySize Optional key size in bytes
+     * @param algorithm Optional hash algorithm
+     * @returns Promise resolving to object containing the derived key, salt, and iteration count
+     */
+    static deriveKeyFromPasswordAsync(password: Buffer, salt?: Buffer, iterations?: number, saltBytes?: number, keySize?: number, algorithm?: string): Promise<IPbkdf2Result>;
+    /**
+     * Derive a key using a predefined configuration profile
+     * @param password The password to derive a key from
+     * @param profile The configuration profile to use
+     * @param salt Optional salt (will be randomly generated if not provided)
+     * @returns Object containing the derived key, salt, and iteration count
+     */
+    static deriveKeyFromPasswordWithProfile(password: Buffer, profile: Pbkdf2ProfileEnum, salt?: Buffer): IPbkdf2Result;
+    /**
+     * Async version of deriveKeyFromPasswordWithProfile
+     * @param password The password to derive a key from
+     * @param profile The configuration profile to use
+     * @param salt Optional salt (will be randomly generated if not provided)
+     * @returns Promise resolving to object containing the derived key, salt, and iteration count
+     */
+    static deriveKeyFromPasswordWithProfileAsync(password: Buffer, profile: Pbkdf2ProfileEnum, salt?: Buffer): Promise<IPbkdf2Result>;
+}
+//# sourceMappingURL=pbkdf2.d.ts.map

package/dist/services/pbkdf2.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"pbkdf2.d.ts","sourceRoot":"","sources":["../../src/services/pbkdf2.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,aAAa,EAId,MAAM,4BAA4B,CAAC;AAIpC,OAAO,EAAE,iBAAiB,EAAE,MAAM,gCAAgC,CAAC;AACnE,OAAO,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAE5D;;;;;;;GAOG;AACH,8BAAsB,aAAa;IACjC;;;;OAIG;WACW,gBAAgB,CAAC,OAAO,EAAE,iBAAiB,GAAG,aAAa;IAUzE;;;;;;;OAOG;WACW,SAAS,CACrB,UAAU,CAAC,EAAE,MAAM,EACnB,SAAS,CAAC,EAAE,MAAM,EAClB,SAAS,CAAC,EAAE,MAAM,EAClB,SAAS,CAAC,EAAE,MAAM,GACjB,aAAa;IAkBhB;;;;;;;;;OASG;WACW,qBAAqB,CACjC,QAAQ,EAAE,MAAM,EAChB,IAAI,CAAC,EAAE,MAAM,EACb,UAAU,CAAC,EAAE,MAAM,EACnB,SAAS,CAAC,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE,MAAM,EAChB,SAAS,CAAC,EAAE,MAAM,GACjB,aAAa;IAgChB;;;;;;;;;;OAUG;WACiB,0BAA0B,CAC5C,QAAQ,EAAE,MAAM,EAChB,IAAI,CAAC,EAAE,MAAM,EACb,UAAU,CAAC,EAAE,MAAM,EACnB,SAAS,CAAC,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE,MAAM,EAChB,SAAS,CAAC,EAAE,MAAM,GACjB,OAAO,CAAC,aAAa,CAAC;IAiCzB;;;;;;OAMG;WACW,gCAAgC,CAC5C,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,iBAAiB,EAC1B,IAAI,CAAC,EAAE,MAAM,GACZ,aAAa;IAYhB;;;;;;OAMG;WACiB,qCAAqC,CACvD,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,iBAAiB,EAC1B,IAAI,CAAC,EAAE,MAAM,GACZ,OAAO,CAAC,aAAa,CAAC;CAW1B"}

package/dist/services/pbkdf2.js

@@ -0,0 +1,130 @@
+import { ECIES, Pbkdf2Error, Pbkdf2ErrorType, getEciesI18nEngine, } from '@digitaldefiance/ecies-lib';
+import { pbkdf2 as pbkdf2Async, pbkdf2Sync, randomBytes } from 'crypto';
+import { promisify } from 'util';
+import { PBKDF2, PBKDF2_PROFILES } from '../constants';
+/**
+ * Service for handling PBKDF2 (Password-Based Key Derivation Function 2) operations.
+ * This service provides functionality for:
+ * - Generating secure key derivation configurations
+ * - Deriving cryptographic keys from passwords
+ * - Managing salt and iteration parameters
+ * - Both synchronous and asynchronous key derivation
+ */
+export class Pbkdf2Service {
+    /**
+     * Get a predefined configuration profile for common use cases
+     * @param profile The name of the profile to use
+     * @returns Configuration object for the specified profile
+     */
+    static getProfileConfig(profile) {
+        const profileConfig = PBKDF2_PROFILES[profile];
+        return {
+            hashBytes: profileConfig.hashBytes,
+            saltBytes: profileConfig.saltBytes,
+            iterations: profileConfig.iterations,
+            algorithm: profileConfig.algorithm,
+        };
+    }
+    /**
+     * Generate an options object for pbkdf2
+     * @param iterations Optional number of iterations (defaults to Pbkdf2IterationsPerSecond)
+     * @param saltBytes Optional salt size in bytes (defaults to PBKDF2.SALT_BYTES)
+     * @param hashBytes Optional hash size in bytes (defaults to ECIES.SYMMETRIC.KEY_SIZE)
+     * @param algorithm Optional hash algorithm (defaults to PBKDF2.ALGORITHM)
+     * @returns Configuration object for PBKDF2
+     */
+    static getConfig(iterations, saltBytes, hashBytes, algorithm) {
+        // larger numbers mean better security, less
+        return {
+            // size of the generated hash
+            hashBytes: hashBytes ?? ECIES.SYMMETRIC.KEY_SIZE,
+            // larger salt means hashed passwords are more resistant to rainbow table, but
+            // you get diminishing returns pretty fast
+            saltBytes: saltBytes ?? PBKDF2.SALT_BYTES,
+            // more iterations means an attacker has to take longer to brute force an
+            // individual password, so larger is better. however, larger also means longer
+            // to hash the password. tune so that hashing the password takes about a
+            // second
+            iterations: iterations ?? PBKDF2.ITERATIONS_PER_SECOND,
+            // hash algorithm
+            algorithm: algorithm ?? PBKDF2.ALGORITHM,
+        };
+    }
+    /**
+     * Given a password, use pbkdf2 to generate an appropriately sized key for AES encryption
+     * @param password The password to derive a key from
+     * @param salt Optional salt (will be randomly generated if not provided)
+     * @param iterations Optional number of iterations
+     * @param saltBytes Optional salt size in bytes
+     * @param keySize Optional key size in bytes
+     * @param algorithm Optional hash algorithm
+     * @returns Object containing the derived key, salt, and iteration count
+     */
+    static deriveKeyFromPassword(password, salt, iterations, saltBytes, keySize, algorithm) {
+        const config = Pbkdf2Service.getConfig(iterations, saltBytes, keySize, algorithm);
+        const saltBytes_ = salt ?? randomBytes(config.saltBytes);
+        if (saltBytes_.length !== config.saltBytes) {
+            throw new Pbkdf2Error(Pbkdf2ErrorType.InvalidSaltLength, getEciesI18nEngine());
+        }
+        const hashBytes = pbkdf2Sync(password, saltBytes_, config.iterations, config.hashBytes, config.algorithm);
+        if (hashBytes.length !== config.hashBytes) {
+            throw new Pbkdf2Error(Pbkdf2ErrorType.InvalidHashLength, getEciesI18nEngine());
+        }
+        return {
+            salt: saltBytes_,
+            hash: hashBytes,
+            iterations: config.iterations,
+        };
+    }
+    /**
+     * Async version of deriveKeyFromPassword that uses libuv threadpool via crypto.pbkdf2
+     * to avoid blocking the event loop during password verification.
+     * @param password The password to derive a key from
+     * @param salt Optional salt (will be randomly generated if not provided)
+     * @param iterations Optional number of iterations
+     * @param saltBytes Optional salt size in bytes
+     * @param keySize Optional key size in bytes
+     * @param algorithm Optional hash algorithm
+     * @returns Promise resolving to object containing the derived key, salt, and iteration count
+     */
+    static async deriveKeyFromPasswordAsync(password, salt, iterations, saltBytes, keySize, algorithm) {
+        const config = Pbkdf2Service.getConfig(iterations, saltBytes, keySize, algorithm);
+        const saltBytes_ = salt ?? randomBytes(config.saltBytes);
+        if (saltBytes_.length !== config.saltBytes) {
+            throw new Pbkdf2Error(Pbkdf2ErrorType.InvalidSaltLength, getEciesI18nEngine());
+        }
+        const pbkdf2 = promisify(pbkdf2Async);
+        const hashBytes = (await pbkdf2(password, saltBytes_, config.iterations, config.hashBytes, config.algorithm));
+        if (hashBytes.length !== config.hashBytes) {
+            throw new Pbkdf2Error(Pbkdf2ErrorType.InvalidHashLength, getEciesI18nEngine());
+        }
+        return {
+            salt: saltBytes_,
+            hash: hashBytes,
+            iterations: config.iterations,
+        };
+    }
+    /**
+     * Derive a key using a predefined configuration profile
+     * @param password The password to derive a key from
+     * @param profile The configuration profile to use
+     * @param salt Optional salt (will be randomly generated if not provided)
+     * @returns Object containing the derived key, salt, and iteration count
+     */
+    static deriveKeyFromPasswordWithProfile(password, profile, salt) {
+        const config = Pbkdf2Service.getProfileConfig(profile);
+        return Pbkdf2Service.deriveKeyFromPassword(password, salt, config.iterations, config.saltBytes, config.hashBytes, config.algorithm);
+    }
+    /**
+     * Async version of deriveKeyFromPasswordWithProfile
+     * @param password The password to derive a key from
+     * @param profile The configuration profile to use
+     * @param salt Optional salt (will be randomly generated if not provided)
+     * @returns Promise resolving to object containing the derived key, salt, and iteration count
+     */
+    static async deriveKeyFromPasswordWithProfileAsync(password, profile, salt) {
+        const config = Pbkdf2Service.getProfileConfig(profile);
+        return Pbkdf2Service.deriveKeyFromPasswordAsync(password, salt, config.iterations, config.saltBytes, config.hashBytes, config.algorithm);
+    }
+}
+//# sourceMappingURL=pbkdf2.js.map

package/dist/services/pbkdf2.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"pbkdf2.js","sourceRoot":"","sources":["../../src/services/pbkdf2.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,EAEL,WAAW,EACX,eAAe,EACf,kBAAkB,GACnB,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,MAAM,IAAI,WAAW,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AACxE,OAAO,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AACjC,OAAO,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAIvD;;;;;;;GAOG;AACH,MAAM,OAAgB,aAAa;IACjC;;;;OAIG;IACI,MAAM,CAAC,gBAAgB,CAAC,OAA0B;QACvD,MAAM,aAAa,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;QAC/C,OAAO;YACL,SAAS,EAAE,aAAa,CAAC,SAAS;YAClC,SAAS,EAAE,aAAa,CAAC,SAAS;YAClC,UAAU,EAAE,aAAa,CAAC,UAAU;YACpC,SAAS,EAAE,aAAa,CAAC,SAAS;SACnC,CAAC;IACJ,CAAC;IAED;;;;;;;OAOG;IACI,MAAM,CAAC,SAAS,CACrB,UAAmB,EACnB,SAAkB,EAClB,SAAkB,EAClB,SAAkB;QAElB,4CAA4C;QAC5C,OAAO;YACL,6BAA6B;YAC7B,SAAS,EAAE,SAAS,IAAI,KAAK,CAAC,SAAS,CAAC,QAAQ;YAChD,8EAA8E;YAC9E,0CAA0C;YAC1C,SAAS,EAAE,SAAS,IAAI,MAAM,CAAC,UAAU;YACzC,yEAAyE;YACzE,8EAA8E;YAC9E,wEAAwE;YACxE,SAAS;YACT,UAAU,EAAE,UAAU,IAAI,MAAM,CAAC,qBAAqB;YACtD,iBAAiB;YACjB,SAAS,EAAE,SAAS,IAAI,MAAM,CAAC,SAAS;SACzC,CAAC;IACJ,CAAC;IAED;;;;;;;;;OASG;IACI,MAAM,CAAC,qBAAqB,CACjC,QAAgB,EAChB,IAAa,EACb,UAAmB,EACnB,SAAkB,EAClB,OAAgB,EAChB,SAAkB;QAElB,MAAM,MAAM,GAAG,aAAa,CAAC,SAAS,CACpC,UAAU,EACV,SAAS,EACT,OAAO,EACP,SAAS,CACV,CAAC;QACF,MAAM,UAAU,GAAG,IAAI,IAAI,WAAW,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAEzD,IAAI,UAAU,CAAC,MAAM,KAAK,MAAM,CAAC,SAAS,EAAE,CAAC;YAC3C,MAAM,IAAI,WAAW,CAAC,eAAe,CAAC,iBAAiB,EAAE,kBAAkB,EAAE,CAAC,CAAC;QACjF,CAAC;QAED,MAAM,SAAS,GAAG,UAAU,CAC1B,QAAQ,EACR,UAAU,EACV,MAAM,CAAC,UAAU,EACjB,MAAM,CAAC,SAAS,EAChB,MAAM,CAAC,SAAS,CACjB,CAAC;QAEF,IAAI,SAAS,CAAC,MAAM,KAAK,MAAM,CAAC,SAAS,EAAE,CAAC;YAC1C,MAAM,IAAI,WAAW,CAAC,eAAe,CAAC,iBAAiB,EAAE,kBAAkB,EAAE,CAAC,CAAC;QACjF,CAAC;QAED,OAAO;YACL,IAAI,EAAE,UAAU;YAChB,IAAI,EAAE,SAAS;YACf,UAAU,EAAE,MAAM,CAAC,UAAU;SAC9B,CAAC;IACJ,CAAC;IAED;;;;;;;;;;OAUG;IACI,MAAM,CAAC,KAAK,CAAC,0BAA0B,CAC5C,QAAgB,EAChB,IAAa,EACb,UAAmB,EACnB,SAAkB,EAClB,OAAgB,EAChB,SAAkB;QAElB,MAAM,MAAM,GAAG,aAAa,CAAC,SAAS,CACpC,UAAU,EACV,SAAS,EACT,OAAO,EACP,SAAS,CACV,CAAC;QACF,MAAM,UAAU,GAAG,IAAI,IAAI,WAAW,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAEzD,IAAI,UAAU,CAAC,MAAM,KAAK,MAAM,CAAC,SAAS,EAAE,CAAC;YAC3C,MAAM,IAAI,WAAW,CAAC,eAAe,CAAC,iBAAiB,EAAE,kBAAkB,EAAE,CAAC,CAAC;QACjF,CAAC;QAED,MAAM,MAAM,GAAG,SAAS,CAAC,WAAW,CAAC,CAAC;QACtC,MAAM,SAAS,GAAG,CAAC,MAAM,MAAM,CAC7B,QAAQ,EACR,UAAU,EACV,MAAM,CAAC,UAAU,EACjB,MAAM,CAAC,SAAS,EAChB,MAAM,CAAC,SAAS,CACjB,CAAW,CAAC;QAEb,IAAI,SAAS,CAAC,MAAM,KAAK,MAAM,CAAC,SAAS,EAAE,CAAC;YAC1C,MAAM,IAAI,WAAW,CAAC,eAAe,CAAC,iBAAiB,EAAE,kBAAkB,EAAE,CAAC,CAAC;QACjF,CAAC;QAED,OAAO;YACL,IAAI,EAAE,UAAU;YAChB,IAAI,EAAE,SAAS;YACf,UAAU,EAAE,MAAM,CAAC,UAAU;SAC9B,CAAC;IACJ,CAAC;IAED;;;;;;OAMG;IACI,MAAM,CAAC,gCAAgC,CAC5C,QAAgB,EAChB,OAA0B,EAC1B,IAAa;QAEb,MAAM,MAAM,GAAG,aAAa,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;QACvD,OAAO,aAAa,CAAC,qBAAqB,CACxC,QAAQ,EACR,IAAI,EACJ,MAAM,CAAC,UAAU,EACjB,MAAM,CAAC,SAAS,EAChB,MAAM,CAAC,SAAS,EAChB,MAAM,CAAC,SAAS,CACjB,CAAC;IACJ,CAAC;IAED;;;;;;OAMG;IACI,MAAM,CAAC,KAAK,CAAC,qCAAqC,CACvD,QAAgB,EAChB,OAA0B,EAC1B,IAAa;QAEb,MAAM,MAAM,GAAG,aAAa,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;QACvD,OAAO,aAAa,CAAC,0BAA0B,CAC7C,QAAQ,EACR,IAAI,EACJ,MAAM,CAAC,UAAU,EACjB,MAAM,CAAC,SAAS,EAChB,MAAM,CAAC,SAAS,EAChB,MAAM,CAAC,SAAS,CACjB,CAAC;IACJ,CAAC;CACF"}

package/dist/utils.d.ts

@@ -0,0 +1,11 @@
+/**
+ * Encodes the length of the data in the buffer
+ * @param buffer The buffer to encode
+ * @returns The encoded buffer
+ */
+export declare function lengthEncodeData(buffer: Buffer): Buffer;
+export declare function decodeLengthEncodedData(buffer: Buffer): {
+    data: Buffer;
+    totalLength: number;
+};
+//# sourceMappingURL=utils.d.ts.map

package/dist/utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../src/utils.ts"],"names":[],"mappings":"AAUA;;;;GAIG;AACH,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAuBvD;AAED,wBAAgB,uBAAuB,CAAC,MAAM,EAAE,MAAM,GAAG;IACvD,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;CACrB,CA0CA"}

package/dist/utils.js

@@ -0,0 +1,67 @@
+import { EciesStringKey, getEciesI18nEngine, getLengthEncodingTypeForLength, getLengthEncodingTypeFromValue, getLengthForLengthType, LengthEncodingType, TranslatableError, } from '@digitaldefiance/ecies-lib';
+/**
+ * Encodes the length of the data in the buffer
+ * @param buffer The buffer to encode
+ * @returns The encoded buffer
+ */
+export function lengthEncodeData(buffer) {
+    const lengthType = getLengthEncodingTypeForLength(buffer.length);
+    const lengthTypeSize = getLengthForLengthType(lengthType);
+    const result = Buffer.alloc(1 + lengthTypeSize + buffer.length);
+    result.writeUInt8(lengthType, 0);
+    switch (lengthType) {
+        case LengthEncodingType.UInt8:
+            result.writeUInt8(buffer.length, 1);
+            break;
+        case LengthEncodingType.UInt16:
+            result.writeUInt16BE(buffer.length, 1);
+            break;
+        case LengthEncodingType.UInt32:
+            result.writeUInt32BE(buffer.length, 1);
+            break;
+        case LengthEncodingType.UInt64:
+            result.writeBigUInt64BE(BigInt(buffer.length), 1);
+            break;
+    }
+    buffer.copy(result, 1 + lengthTypeSize);
+    return result;
+}
+export function decodeLengthEncodedData(buffer) {
+    if (buffer.length < 1) {
+        throw new RangeError('Buffer is too short to read length type.');
+    }
+    const lengthType = getLengthEncodingTypeFromValue(buffer.readUint8(0));
+    const lengthTypeSize = getLengthForLengthType(lengthType);
+    if (buffer.length < 1 + lengthTypeSize) {
+        throw new RangeError('Buffer is too short to read the full length value.');
+    }
+    let length;
+    switch (lengthType) {
+        case LengthEncodingType.UInt8:
+            length = buffer.readUint8(1);
+            break;
+        case LengthEncodingType.UInt16:
+            length = buffer.readUint16BE(1);
+            break;
+        case LengthEncodingType.UInt32:
+            length = buffer.readUint32BE(1);
+            break;
+        case LengthEncodingType.UInt64:
+            length = buffer.readBigUInt64BE(1);
+            if (Number(length) > Number.MAX_SAFE_INTEGER) {
+                throw new RangeError('Length exceeds maximum safe integer value');
+            }
+            break;
+        default:
+            throw new TranslatableError(EciesStringKey.Error_LengthError_LengthIsInvalidType, getEciesI18nEngine());
+    }
+    const totalLength = 1 + lengthTypeSize + Number(length);
+    if (totalLength > buffer.length) {
+        throw new RangeError('Buffer is too short for declared data length');
+    }
+    return {
+        data: buffer.subarray(1 + lengthTypeSize, totalLength),
+        totalLength,
+    };
+}
+//# sourceMappingURL=utils.js.map

package/dist/utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.js","sourceRoot":"","sources":["../src/utils.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,cAAc,EACd,kBAAkB,EAClB,8BAA8B,EAC9B,8BAA8B,EAC9B,sBAAsB,EACtB,kBAAkB,EAClB,iBAAiB,GAClB,MAAM,4BAA4B,CAAC;AAEpC;;;;GAIG;AACH,MAAM,UAAU,gBAAgB,CAAC,MAAc;IAC7C,MAAM,UAAU,GAAuB,8BAA8B,CACnE,MAAM,CAAC,MAAM,CACd,CAAC;IACF,MAAM,cAAc,GAAW,sBAAsB,CAAC,UAAU,CAAC,CAAC;IAClE,MAAM,MAAM,GAAW,MAAM,CAAC,KAAK,CAAC,CAAC,GAAG,cAAc,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;IACxE,MAAM,CAAC,UAAU,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;IACjC,QAAQ,UAAU,EAAE,CAAC;QACnB,KAAK,kBAAkB,CAAC,KAAK;YAC3B,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;YACpC,MAAM;QACR,KAAK,kBAAkB,CAAC,MAAM;YAC5B,MAAM,CAAC,aAAa,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;YACvC,MAAM;QACR,KAAK,kBAAkB,CAAC,MAAM;YAC5B,MAAM,CAAC,aAAa,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;YACvC,MAAM;QACR,KAAK,kBAAkB,CAAC,MAAM;YAC5B,MAAM,CAAC,gBAAgB,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;YAClD,MAAM;IACV,CAAC;IACD,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,GAAG,cAAc,CAAC,CAAC;IACxC,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,MAAc;IAIpD,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,MAAM,IAAI,UAAU,CAAC,0CAA0C,CAAC,CAAC;IACnE,CAAC;IACD,MAAM,UAAU,GAAuB,8BAA8B,CACnE,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,CACpB,CAAC;IACF,MAAM,cAAc,GAAW,sBAAsB,CAAC,UAAU,CAAC,CAAC;IAElE,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,GAAG,cAAc,EAAE,CAAC;QACvC,MAAM,IAAI,UAAU,CAAC,oDAAoD,CAAC,CAAC;IAC7E,CAAC;IAED,IAAI,MAAuB,CAAC;IAC5B,QAAQ,UAAU,EAAE,CAAC;QACnB,KAAK,kBAAkB,CAAC,KAAK;YAC3B,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;YAC7B,MAAM;QACR,KAAK,kBAAkB,CAAC,MAAM;YAC5B,MAAM,GAAG,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YAChC,MAAM;QACR,KAAK,kBAAkB,CAAC,MAAM;YAC5B,MAAM,GAAG,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YAChC,MAAM;QACR,KAAK,kBAAkB,CAAC,MAAM;YAC5B,MAAM,GAAG,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;YACnC,IAAI,MAAM,CAAC,MAAM,CAAC,GAAG,MAAM,CAAC,gBAAgB,EAAE,CAAC;gBAC7C,MAAM,IAAI,UAAU,CAAC,2CAA2C,CAAC,CAAC;YACpE,CAAC;YACD,MAAM;QACR;YACE,MAAM,IAAI,iBAAiB,CAAC,cAAc,CAAC,qCAAqC,EAAE,kBAAkB,EAAE,CAAC,CAAC;IAC5G,CAAC;IAED,MAAM,WAAW,GAAG,CAAC,GAAG,cAAc,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;IACxD,IAAI,WAAW,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC;QAChC,MAAM,IAAI,UAAU,CAAC,8CAA8C,CAAC,CAAC;IACvE,CAAC;IACD,OAAO;QACL,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,GAAG,cAAc,EAAE,WAAW,CAAC;QACtD,WAAW;KACZ,CAAC;AACJ,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@digitaldefiance/node-ecies-lib",
-  "version": "1.0.0",
+  "version": "1.0.2",
   "description": "Digital Defiance Node ECIES Library",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -52,13 +52,14 @@
   "type": "module",
   "packageManager": "yarn@4.10.3",
   "dependencies": {
-    "@digitaldefiance/ecies-lib": "^1.0.18",
+    "@digitaldefiance/ecies-lib": "^1.0.20",
     "@digitaldefiance/i18n-lib": "^1.0.33",
     "@ethereumjs/wallet": "^10.0.0",
     "@noble/curves": "^2.0.1",
     "@noble/hashes": "^2.0.1",
     "@scure/bip32": "^2.0.0",
     "bson": "^6.10.4",
+    "ethereum-cryptography": "^3.2.0",
     "ts-brand": "^0.2.0"
   }
 }